What ASN.1 got right

Nico Williams <nico@cryptonector.com> Tue, 02 March 2021 01:07 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 0DAC83A0853 for <ietf@ietfa.amsl.com>; Mon, 1 Mar 2021 17:07:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id Cr3i1Dz6Ut_o for <ietf@ietfa.amsl.com>; Mon, 1 Mar 2021 17:07:37 -0800 (PST)
Received: from bumble.maple.relay.mailchannels.net (bumble.maple.relay.mailchannels.net []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EF313A084A for <ietf@ietf.org>; Mon, 1 Mar 2021 17:07:37 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost []) by relay.mailchannels.net (Postfix) with ESMTP id 8C552542910; Tue, 2 Mar 2021 01:07:36 +0000 (UTC)
Received: from pdx1-sub0-mail-a86.g.dreamhost.com (100-96-17-38.trex.outbound.svc.cluster.local []) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 0A0845421BE; Tue, 2 Mar 2021 01:07:36 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a86.g.dreamhost.com (pop.dreamhost.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by (trex/6.0.2); Tue, 02 Mar 2021 01:07:36 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Arch-Language: 371956ce115d5ed7_1614647256265_1440359558
X-MC-Loop-Signature: 1614647256264:3699900727
X-MC-Ingress-Time: 1614647256264
Received: from pdx1-sub0-mail-a86.g.dreamhost.com (localhost []) by pdx1-sub0-mail-a86.g.dreamhost.com (Postfix) with ESMTP id C16FB7E52C; Mon, 1 Mar 2021 17:07:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:subject:message-id:mime-version:content-type; s= cryptonector.com; bh=l/6zndbbkLL6zHHXEmZyXWIgiIs=; b=MclfesA6OJU zuB0n/0lBQvJbnlvLk3GyiO50u2IBBHSL2IsjDuOd4SYjVXABQcOqP/n8cDnpT53 m+Cp2Ki9kP+5MlWsVZN4Biwjx89WAzeznJdLzDFAMwXVGoLYwCUAfrxQLL4K76b1 oWuZR+yKYZY21WSSYdDKJ5kEjSxrbk7I=
Received: from localhost (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a86.g.dreamhost.com (Postfix) with ESMTPSA id 6187E7EC5A; Mon, 1 Mar 2021 17:07:34 -0800 (PST)
Date: Mon, 1 Mar 2021 19:07:32 -0600
X-DH-BACKEND: pdx1-sub0-mail-a86
From: Nico Williams <nico@cryptonector.com>
To: ietf@ietf.org
Subject: What ASN.1 got right
Message-ID: <20210302010731.GL30153@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/2pFVizPkiCcxbroW8BOpEyEc6ao>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2021 01:07:39 -0000

As an ASN.1 implementor, I can tell you things I, like many of you, hate
about ASN.1:

 - ugly syntax (made uglier by having tags as optional lexical elements)

 - ugly OIDs (should have been URNs or URN-like)

 - BER/DER/CER and all TLV encodings in the world (protocol buffers, I'm
   looking at you too) are awful

 - the fact that the specs were, for a long time, non-free, which led to
   a dearth of open source tooling that still persists somewhat (though
   not as bad as it used to be)

 - the fact that for years people hand-rolled their codecs due to the
   previous item, and so created many bugs

 - X.400/X.500, which are not part of ASN.1, of course, but closely
   related -- especially X.500 style naming!

Having recently implemented automatic open type decoding handling X.681/
X.682/X.683 (see RFCs 6025 for some insight, and 5912 for real examples
that I'm making use of), I can tell you that ASN.1 got some things

 - rich formalisms ("constraints")

 - separation of syntax and encoding rules

The fact that there are many encoding rules for ASN.1, of almost every
kind (binary TLV, binaray non-TLV, and textual, including XML- and
JSON-based rules) proves the last point.  I can't help but see how XDR,
NDR, and flatbuffers, among many other encodings out there, could easily
be used with ASN.1.  (E.g., what XDR and NDR call "pointers" are just
optional fields in ASN.1.)

The fact that one can implement automatic open type decoding using ASN.1
formalisms and those already published in, e.g., RFC 5912[*] proves the
utility of those formalisms.  I now get to see certificates and many
other things in all their "glorious" detail as JSON, including all
extensions and what not, and that's made possible by these formalisms.

I beg the next person to re-invent this darned wheel to please educate
themselves as to what came before.  Among many lessons you should learn,
learn that some things can't be monetized well enough, or at all, or can
only be monetized in exchange for limiting their adoption, so figure out
what your goals are, then align pricing and licensing with those.

And since open types appear to be unavoidable, but also always a pain if
you don't have the metaschema to express the metadata needed to automate
their handling, don't forget to cover that.

XML, of course, with namespaces and references, has a reasonable
approach to open types as well.  It's not just ASN.1 that gets that
right well enough.


[*] A big thank you to RFC 5912's authors, though sadly one of them has